vB has some different security options than a pHpbb board, but the geeks on this website (and this thread in particular) have some pretty good resources that have made my job a LOT easier, even though it's regularly cruised by search engine 'guests' and other bad actors:
http://www.theadminzone.com/forums/show ... 5&p=198765
I agree with Dale's suggestion that banning IP addresses is an exercise in futility. I do ban and prevent from registering a selection of the domain names from which most of the spambots have come, pretty much anything with .ru in the email address (but not Amsterdam, Heikki!
), and a lot of drop-box email domains--but I gave up banning IP addresses. I took this list of banned domains from theadminzone and then modified it to only include the domains that were hitting my board. The well-used domains I can't ban like yahoo and aol sit in 'users awaiting email confirmation' until I can clean them out every 24 hours or so--most people who register will confirm immediately, so if they haven't registered within a week, they have to do it again. Oh well. That way I can weed out the bad seeds usually just by looking at them, but they can't look anywhere else and only admins can see them.
Even registered, they're in a moderation queue. They still can't post, or see anything they couldn't see as a guest, until an admin confirms the membership. New registrants get an email explaining that their first posts and privileges will come when they get the admin confirmation letter. Since we first started getting slammed (right before the holidays) we've put all new members on moderation, which generally takes about 24 hours--and since then, only one spammer has actually gotten through to the general viewing public. I'm not perfect.
These other suggestions from theadminzone have helped a LOT:
-- permit guests to roam the board, just not ALL of it. They can only see certain 'public' areas...the forums that discuss the hows and whys, the daily challenges, etc. Enough to give info and pique interest, but no more. They want more, they have to register.
-- the first forum and its subforums are visible to guests, but they are closed to all new posts; only mods/admins can post there. The first forum (forum 01) is a spambot's default auto-post target. So they can't post there. Instead their stuff hits the Recipes forum on my board...where it sticks out like a sore thumb and I can get rid of it right away.
-- only registered members can read profiles, search for specific posts/threads, etc. NO one, even registered members, can 'see' another registered member's email, except those three of us who admin the board.
-- Spambots cruising for info are blocked from seeing it by limiting what automated bots can actually access. It's a forum view setting on a vB board; I don't remember just what setting it is on a pHpbb board, but it's in there, MJ. You might find it in theadminzone thread I linked up above--but in following their own advice, those guys sometimes keep that advice in the members-only area. It's one reason I registered there.
-- We can't block bots and cruisers from seeing a phone number or email posted directly in a thread if that thread is in an open-to-the-public area, so we do periodically email members or put up a public post reminding them that we're regularly searched and cruised, and we don't promise to protect what they freely give away.
If I have time this weekend, I can try to look up the setting in the admin control panel for pHpbb boards that limits what a search engine or automated board-scope can actually 'see' on a board. It's something really simple, like "permit automated searches of profiles? Yes/No" where No=bot can't scope out addresses and contact info, and there are about a dozen opportunities to tell the auto-bot "not on my board, you don't!"
Hope this helps.
